
function lbsUser() {
    ////// Attributes /////////////////////////////////////////////
    this.id = 0;
    this.username;
    this.password;
    this.salt;
    this.groupID = 2; // Default to Guest Group
    this.groupName = "<font color=red>" + lang["unkown"] + "</font>";
    this.rights = { "view": 0, "post": 0, "edit": 0, "delete": 0, "upload": 0 };
    this.gender;
    this.email;
    this.homepage;
    this.hideEmail;
    this.lastVisit;
    this.lastIP;
    this.IP;
    this.articleCount;
    this.commentCount;
    this.connectionOpen;
    this.loggedIn = false;


    ////// Initialization //////////////////////////////////////////




    // Login --------------------------
    this.login = function(strUsername, strPassword, intCookiesDay, bCheckSCode, strSCode, bNoSCode) {
        var strError = "";

        // Check if user is banned for login failure
        
        if ((new Date()) - Session("loginban") > 3 * 60 * 1000) {
        	// 超过时限了，可以再试试啰
            Session("loginfail") = undefined;
            Session("loginban") = undefined;
        }
        if (Session("loginfail") > 3) {
            Session("loginban") = new Date();
            Session("lbsSecurityCode") = undefined; // Clean up to avoid abuse
            return "<li>" + lang["login_fail_ban"] + "</li>";
        }

        // Check data
        if (!strUsername || !strPassword || (!bNoSCode && !Session("lbsSecurityCode"))) {
            strError += "<li>" + lang["form_incomplete"] + "</li>";
        }
        if (!func.checkUsername(strUsername)) {
            strError += "<li>" + lang["username_invalid"] + "</li>";
        }
        if (!func.checkPassword(strPassword)) {
            strError += "<li>" + lang["password_invalid"] + "</li>";
        }
        if (theCache.settings["enableSecurityCode"] == 1 && bCheckSCode && Session("lbsSecurityCode") != strSCode) {
            strError += "<li>" + lang["scode_invalid"] + "</li>";
        }

        if (strError != "") {
            // Return with error message
            return strError;
        }

        intCookiesDay = func.checkInt(intCookiesDay);
        if (!intCookiesDay) {
            intCookiesDay = 1;
        }
        var tDate = new Date();
        tDate.setTime(tDate.getTime() + intCookiesDay * 864E5);

        var tHashKey = func.SHA1(func.randomStr(6) + func.getDateTimeString());
        var arrUpdate = { "user_IP": this.IP,
            "user_hashKey": tHashKey,
            "user_LastVisit": new Date()
        };
        // Check Password
        var tmpA = connBlog.query("SELECT TOP 1 user_name,user_salt,user_password,user_id,user_groupID FROM [blog_User] WHERE user_Name='" + strUsername + "' AND user_salt<>''");
        if (tmpA) {
            tmpA = tmpA[0];
            if (tmpA["user_password"] == func.SHA1(strPassword + tmpA["user_salt"])) {
                // Update IP, lastVisitDate & hash key
                connBlog.update("[blog_User]", arrUpdate, "user_ID=" + tmpA["user_id"]);
                Response.Cookies(lbsNamespace + "userid") = tmpA["user_id"];
                Response.Cookies(lbsNamespace + "hashkey") = tHashKey;
                Response.Cookies(lbsNamespace + "userid").Expires = tDate.getVarDate();
                Response.Cookies(lbsNamespace + "hashkey").Expires = tDate.getVarDate();
                Session("lbsSecurityCode") = undefined; // Clean up to avoid abuse
                this.fill(tmpA);
                this.loggedIn = true;
                return false;
            } else {
                this.logout(false);
                if (!Session("loginfail")) Session("loginfail") = 0;
                Session("loginfail")++;
                return "<li>" + lang["login_fail"] + "</li>";
            }
            // Code below is only for transportion from old version
        } else if (tmpA = connBlog.query("SELECT TOP 1 user_name,user_id,user_salt,user_groupID FROM [blog_User] WHERE user_Name='" + strUsername + "' AND user_password='" + func.MD5(strPassword).toUpperCase() + "'")) {
            tmpA = tmpA[0];
            if (!tmpA["user_salt"]) {
                // Update Password Encrytion
                var strSalt = func.randomStr(6);
                arrUpdate["user_Salt"] = strSalt; // Update Password
                arrUpdate["user_Password"] = func.SHA1(strPassword + strSalt); // Update Password
                connBlog.update("[blog_User]", arrUpdate, "user_id=" + tmpA["user_id"]);
                Response.Cookies(lbsNamespace + "userid") = tmpA["user_id"];
                Response.Cookies(lbsNamespace + "hashkey") = tHashKey;
                Response.Cookies(lbsNamespace + "userid").Expires = tDate.getVarDate();
                Response.Cookies(lbsNamespace + "hashkey").Expires = tDate.getVarDate();
                Session("lbsSecurityCode") = undefined; // Clean up to avoid abuse
                this.fill(tmpA);
                this.loggedIn = true;
                return false;
            } else {
                this.logout(false);
                if (!Session("loginfail")) Session("loginfail") = 0;
                Session("loginfail")++;
                return "<li>" + lang["login_fail"] + "</li>";
            }
        } else {
            this.logout(false);
            return "<li>" + lang["user_not_found"] + "</li>";
        }
    }

    // Logout --------------------------
    this.logout = function(bCleanHashKey) {
        Response.Cookies(lbsNamespace + "userid") = undefined;
        Response.Cookies(lbsNamespace + "hashkey") = undefined;
        if (bCleanHashKey) {
            connBlog.update("[blog_User]", { "user_hashKey": "" }, "user_ID=" + this.id);
        }
        this.loggedIn = false;
    }

    // Check User Cookies --------------------------
    this.checkCookies = function() {
        if (!String(Request.Cookies(lbsNamespace + "userid")) || !String(Request.Cookies(lbsNamespace + "hashkey"))) {
            this.logout(false);
        } else {
            var intUserID = func.checkInt(Request.Cookies(lbsNamespace + "userid"));
            var strHashKey = String(Request.Cookies(lbsNamespace + "hashkey"));
            var tmpA = connBlog.query("SELECT TOP 1 user_id,user_ip,user_name,user_groupID FROM [blog_User] WHERE user_id=" + intUserID + " AND user_hashKey='" + func.checkStr(strHashKey) + "' AND user_hashKey<>''");
            if (tmpA) {
                if (bCheckIP && tmpA[0]["user_ip"] != this.IP) {
                    this.id = tmpA[0]["user_id"];
                    this.logout(true);
                } else {
                    this.loggedIn = true;
                    this.fill(tmpA[0]);
                }
            } else {
                this.logout(false);
            }
        }
    }
}

